Date: Thu, 19 Feb 2015 12:50:40 +0000 (UTC) From: Alfred Hegemeier <molybdanstahl-hh@yahoo.co.uk> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: freebsd-security Digest, Vol 522, Issue 1 Message-ID: <2128122602.2736874.1424350240576.JavaMail.yahoo@mail.yahoo.com> In-Reply-To: <mailman.91.1424347202.85396.freebsd-security@freebsd.org> References: <mailman.91.1424347202.85396.freebsd-security@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
just encrypt the whole hard drive with Geli.
That's the only protection I see: everything passing through the controller=
s is encrypted - unless keyloggers are installed, which you best protect ag=
ainst completely firewalling the "core" system, andhaving jails to access t=
he outer world.
PCbsd already dumped complete auto hard drive encryption in their latest pr=
oducts - the automatic full HD encr was dumped when the Snowden stuff was r=
evealed, I think with 10 release.So, I guess, they know why they removed it=
- makes it to secure.
Which brings up an important question: how 'safe' is the encryption Geli, i=
.e. how can we know that developers are not on any agencies pay list ?Does =
that make sense=C2=A0 what I am writing in your opinion ?
greetings.
From: "freebsd-security-request@freebsd.org" <freebsd-security-reques=
t@freebsd.org>
To: freebsd-security@freebsd.org=20
Sent: Thursday, 19 February 2015, 13:00
Subject: freebsd-security Digest, Vol 522, Issue 1
=20
Send freebsd-security mailing list submissions to
=C2=A0=C2=A0=C2=A0 freebsd-security@freebsd.org
To subscribe or unsubscribe via the World Wide Web, visit
=C2=A0=C2=A0=C2=A0 http://lists.freebsd.org/mailman/listinfo/freebsd-securi=
ty
or, via email, send a message with subject or body 'help' to
=C2=A0=C2=A0=C2=A0 freebsd-security-request@freebsd.org
You can reach the person managing the list at
=C2=A0=C2=A0=C2=A0 freebsd-security-owner@freebsd.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-security digest..."
Today's Topics:
=C2=A0 1. Re: [Cryptography] trojans in the firmware (grarpamp)
=C2=A0 2. Re: [Cryptography] trojans in the firmware (Henry Baker)
----------------------------------------------------------------------
Message: 1
Date: Wed, 18 Feb 2015 18:12:07 -0500
From: grarpamp <grarpamp@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Cc: cypherpunks@cpunks.org, freebsd-security@freebsd.org
Subject: Re: [Cryptography] trojans in the firmware
Message-ID:
=C2=A0=C2=A0=C2=A0 <CAD2Ti29bD6f7tTq=3DFgGQDXD43C+zTW0fOWYrbCeTCBmiu0bBqA@m=
ail.gmail.com>
Content-Type: text/plain; charset=3DUTF-8
On Wed, Feb 18, 2015 at 5:16 PM, Tom Mitchell <mitch@niftyegg.com> wrote:
> The critical stage is the boot=C2=A0 ROM (BIOS) and the boot device.
> Once Linux has booted a lot is possible but too much has already taken
> place.
> A BIOS that allows booting from a Flash memory card must be trusted.
>
> Virtual machines may help or hinder.
>
> The VM is sitting where the man in the middle wants to be and if it wants
> can protect or expose
> the OSs that it hosts.=C2=A0 A VM can protect a hard drive from being inf=
ected
> by blocking vendor
> codes that might try to update or corrupt modern disks of boot flash memo=
ry.
Afaik, all vm's today simply pass through all drive commands.
It seems a move all the BSD's and Linux could make today,
without waiting on untrustable hardware vendors to roll out signature
verification in hardware, is to simply kernel block all commands
unnecessary to actual production use of the disk. Permit only
from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
Thus every other command component, including firmware update,
vendor specific, and binary fuzzing, gets dropped and logged.
It could be done as a securelevel, or compiled in.
It's definitely not bulletproof, but it does force adversaries
to add that much more exploit code and effort to
get root and go around the driver interface to access
the hardware directly. Defense in depth.
Similar tactics could be applied to other areas where
firmware and vendor/fuzzable opcodes are involved...
usb, bios and cpu.
------------------------------
Message: 2
Date: Wed, 18 Feb 2015 17:57:40 -0800
From: Henry Baker <hbaker1@pipeline.com>
To: grarpamp <grarpamp@gmail.com>
Cc: cypherpunks@cpunks.org, freebsd-security@freebsd.org,
=C2=A0=C2=A0=C2=A0 cryptography@metzdowd.com
Subject: Re: [Cryptography] trojans in the firmware
Message-ID: <E1YOGNA-0004BG-UT@elasmtp-banded.atl.sa.earthlink.net>
Content-Type: text/plain; charset=3D"us-ascii"
At 03:12 PM 2/18/2015, grarpamp wrote:
>On Wed, Feb 18, 2015 at 5:16 PM, Tom Mitchell <mitch@niftyegg.com> wrote:
>> The critical stage is the boot=C2=A0 ROM (BIOS) and the boot device.
>> Once Linux has booted a lot is possible but too much has already taken p=
lace.
>> A BIOS that allows booting from a Flash memory card must be trusted.
>>
>> Virtual machines may help or hinder.
>>
>> The VM is sitting where the man in the middle wants to be and if it want=
s can protect or expose
>> the OSs that it hosts.=C2=A0 A VM can protect a hard drive from being in=
fected by blocking vendor
>> codes that might try to update or corrupt modern disks of boot flash mem=
ory.
>
>Afaik, all vm's today simply pass through all drive commands.
>
>It seems a move all the BSD's and Linux could make today,
>without waiting on untrustable hardware vendors to roll out signature
>verification in hardware, is to simply kernel block all commands
>unnecessary to actual production use of the disk. Permit only
>from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
>Thus every other command component, including firmware update,
>vendor specific, and binary fuzzing, gets dropped and logged.
????=C2=A0 If the disk drive or flash drive firmware has already
been compromised, none of this will work, because the firmware
simply waits for the appropriate "legitimate" read & write
commands, and does its thing.
BTW, what happens with "emulated" disks -- e.g., .vdi files --
in vm's ?=C2=A0 Presumably these emulated disks have no firmware to
update, so any attempt would either be ignored or crash the
system.
------------------------------
Subject: Digest Footer
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
------------------------------
End of freebsd-security Digest, Vol 522, Issue 1
************************************************
From owner-freebsd-security@FreeBSD.ORG Thu Feb 19 16:16:02 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by hub.freebsd.org (Postfix) with ESMTPS id 89BEF95B
for <freebsd-security@freebsd.org>; Thu, 19 Feb 2015 16:16:02 +0000 (UTC)
Received: from elasmtp-mealy.atl.sa.earthlink.net
(elasmtp-mealy.atl.sa.earthlink.net [209.86.89.69])
by mx1.freebsd.org (Postfix) with ESMTP id 57A99AA5
for <freebsd-security@freebsd.org>; Thu, 19 Feb 2015 16:16:01 +0000 (UTC)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=pipeline.com;
b=GYKwoOi5vc2tepvkSurjvZix9n0AJt4BjidKTqWmGKObm15apbl9ZKxHxa2D88cT;
h=Received:X-Mailer:Date:To:From:Subject:In-Reply-To:References:Mime-Version:Content-Type:Message-ID:X-ELNK-Trace:X-Originating-IP;
Received: from [70.109.44.99] (helo=A.pipeline.com)
by elasmtp-mealy.atl.sa.earthlink.net with esmtpsa (TLSv1:AES256-SHA:256)
(Exim 4.67) (envelope-from <hbaker1@pipeline.com>)
id 1YOTjj-0004uI-59; Thu, 19 Feb 2015 11:13:59 -0500
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 19 Feb 2015 08:12:41 -0800
To: grarpamp <grarpamp@gmail.com>,cypherpunks@cpunks.org,
freebsd-security@freebsd.org,cryptography@metzdowd.com
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: [Cryptography] trojans in the firmware
In-Reply-To: <E1YOGNA-0004BG-UT@elasmtp-banded.atl.sa.earthlink.net>
References: <E1YNSQU-0004pW-Oh@elasmtp-kukur.atl.sa.earthlink.net>
<E3B30770-BB81-47F1-895D-14CF7FCFC0BE@lrw.com>
<54E2B04C.9080707@av8n.com>
<E1YNuOT-0004uN-CV@elasmtp-mealy.atl.sa.earthlink.net>
<54E436FB.9000709@deadhat.com>
<CAAMy4USCzQDO=k3yhZ_LVb4ivz4k5qTCasm3KCen+y1yi8oa+w@mail.gmail.com>
<CAD2Ti29bD6f7tTq=FgGQDXD43C+zTW0fOWYrbCeTCBmiu0bBqA@mail.gmail.com>
<E1YOGNA-0004BG-UT@elasmtp-banded.atl.sa.earthlink.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-ID: <E1YOTjj-0004uI-59@elasmtp-mealy.atl.sa.earthlink.net>
X-ELNK-Trace: 1ae2556e383722335a792f37df7f8ca8b65b6112f891153790fc6552fcaf67896e6db278222a318a350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 70.109.44.99
X-Mailman-Approved-At: Thu, 19 Feb 2015 16:23:00 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>,
<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>;
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 16:16:02 -0000
I would love to be able to program this device myself, instead of relying on Samsung's firmware.
BTW, what's the point of AES encryption on this pre-p0wned device? More security theatre?
http://hothardware.com/reviews/samsung-portable-ssd-t1-review
Samsung Portable SSD T1 Review: Blazing Fast External Storage
Utilizing Samsung's proprietary 3D Vertical NAND (V-NAND) technology and a SuperSpeed USB 3.0 interface, the Portable SSD T1 redlines at up to 450MB/s when reading or writing data sequentially, according to Samsung. For random read and write activities, Samsung rates the drive at up to 8,000 IOPS and 21,000 IOPS, respectively.
Capacity 1TB (250GB and 500GB also available)
Interface Compatible with USB 3.0, 2.0
Dimensions (W x H x D) 71.0 x 9.2 x 53.2 mm
Weight Max. 30 grams
Transfer Speed Up to 450MB/sec
UASP Mode UASP Mode
Encryption AES 256-bit
Security Password setting (optional)
Certification CE, BSMI,KC, VCC, C-tick, FCC, IC, UL, TUV, CB
RoHS Compliance RoHS2
Warranty Limited 3 year
Price$569 (street) - Find It At Amazon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2128122602.2736874.1424350240576.JavaMail.yahoo>